Bug#514578: libgnutls26: similar gnutls26 problem with mutt+msmtp after recent update
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Feb 10 23:04:44 UTC 2009
On 02/10/2009 05:25 PM, Chess Griffin wrote:
> Here is the output of gnutls-cli to mail.mxes.net on port 993, which is
> Tuffmail's SSL/TLS IMAP server:
>
>
> Resolving 'mail.mxes.net'...
> Connecting to '216.86.168.198:993'...
> - Certificate type: X.509
> - Got a certificate list of 1 certificates.
>
> - Certificate[0] info:
This mailserver is using a certificate that is signed with MD5:
0 dkg at pip:/tmp$ cat tmp.pem
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
0 dkg at pip:/tmp$ certtool -i <tmp.pem | grep Signature\ Algo
Signature Algorithm: RSA-MD5
0 dkg at pip:/tmp$
MD5 has been deprecated according to the gnutls documentation for a
couple of years, but was only recently properly deprecated in the code.
It is deprecated for security reasons:
http://www.win.tue.nl/hashclash/rogue-ca/
RapidSSL has been willing to freely re-issue all of its older MD5
certificates using SHA1 from what I've seen. I suggest that you contact
your system administrators and advise them that they are using a
certificate that requires trust in a known-weak digest algorithm to
verify. Since it was issued by RapidSSL, you may wish to point them to
their FAQ on the subject:
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=AD125
We hope to ship lenny with MD5 fully deprecated in GnuTLS so that
GnuTLS-reliant apps are not subject to forged intermediate certificate
authorities or other attacks based on a weak digest algorithm.
Thanks for reporting this,
--dkg
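A dependency-free check for the same field that `certtool -i | grep Signature\ Algo` prints above, added here as an example and not part of this thread or of GnuTLS: it walks the DER structure of a PEM certificate (Certificate = tbsCertificate, signatureAlgorithm, signatureValue, per RFC 5280), decodes the signatureAlgorithm OID and flags RSA-MD5 and RSA-SHA1 as unacceptable. The OID table and the sample_pem() helper, which builds a minimal constructed certificate skeleton rather than a real certificate, are assumptions of the example.

```python
import base64
import re

# Signature OIDs this checker recognises (constructed table; common RSA/ECDSA only).
SIG_ALGS = {
    "1.2.840.113549.1.1.4": ("RSA-MD5", False),      # the algorithm seen above
    "1.2.840.113549.1.1.5": ("RSA-SHA1", False),
    "1.2.840.113549.1.1.11": ("RSA-SHA256", True),
    "1.2.840.10045.4.3.2": ("ECDSA-SHA256", True),
}

def read_tlv(buf, pos):
    """Decode one DER tag/length/value starting at pos: (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Convert DER OID content octets (base-128 arcs) to dotted notation."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                    # last octet of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(pem):
    """Return the dotted OID from the outer signatureAlgorithm field of a PEM cert."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem, re.S)
    der = base64.b64decode("".join(m.group(1).split()))
    _, cert, _ = read_tlv(der, 0)           # Certificate ::= SEQUENCE { tbs, sigAlg, sig }
    _, _, pos = read_tlv(cert, 0)           # skip tbsCertificate
    _, alg_id, _ = read_tlv(cert, pos)      # AlgorithmIdentifier ::= SEQUENCE { OID, params }
    tag, oid, _ = read_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER in AlgorithmIdentifier")
    return decode_oid(oid)

def check_cert(pem):
    """Return (algorithm name, acceptable); unknown OIDs are reported as not acceptable."""
    oid = signature_algorithm(pem)
    return SIG_ALGS.get(oid, (oid, False))

def sample_pem(oid_hex):
    """Constructed stand-in for a certificate: empty tbsCertificate, the given
    signature OID with NULL params, and a one-byte signature. Not a real cert."""
    oid = bytes.fromhex(oid_hex)
    alg = b"\x30" + bytes([len(oid) + 4]) + b"\x06" + bytes([len(oid)]) + oid + b"\x05\x00"
    body = b"\x30\x00" + alg + b"\x03\x02\x00\xff"
    der = b"\x30" + bytes([len(body)]) + body
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode() + "-----END CERTIFICATE-----\n"
```

On a real certificate such as the one saved to tmp.pem above, check_cert(open("tmp.pem").read()) returns ("RSA-MD5", False), matching certtool's output.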